Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Fortinet FortiProxy SSL VPN 缓冲区错误漏洞
Vulnerability Description
Fortinet FortiProxy SSL VPN是美国 (Fortinet)公司的一个应用软件。提供了一个入侵检测功能。 Fortinet FortiProxy SSL VPN存在缓冲区错误漏洞,该漏洞源于FortiProxy物理设备CLI中的边界错误。通过身份验证的远程用户可以运行具有较大cpuset掩码值的“diagnose sys cpuset”,触发基于堆栈的缓冲区溢出,并在目标系统上执行任意代码。该漏洞允许远程用户在目标系统上执行任意代码。以下产品和版本受到影响:FortiProxy:1.
CVSS Information
N/A
Vulnerability Type
N/A